BSidesLV 2017 has ended
Back To Schedule
Wednesday, July 26 • 10:30 - 10:55
Mining Software Vulns in SCCM / NIST’s NVD– The Rocky Road to Data Nirvana

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Patch management for 3rd-party software can be a significant challenge. The raw data for effective vulnerability management is available in MS’ SCCM (software inventory) and NIST’s NVD (vulnerability database). However extracting the relevant information from complex, sometimes undocumented data structures poses significant challenges.

We set the stage first with a brief overview of SCCM / NVD data structures as well as a look at a (non-typical but interesting!) production environment. Then we’ll take a quick dive into data wrangling / Machine Learning fundamentals applied to this problem: feature extraction, choice of approach, algorithm choice and turning.

Once the technical challenges are resolved, the path to “Data Nirvana” can still be strewn with significant non-technical hurdles to overcome as well. We will discuss some practical “been there, done that” examples. Following a “Lessons Learned” summary, there will be a demo of the tool.

avatar for Loren Gordon

Loren Gordon

Security Architect, Ubisoft
With over 25 years’ experience, Loren has done extensive stints at 2 large financial institutions, a major retailer, a world-class telco, a service bureau or two, and now Ubisoft (the greatest gaming company ever!). Loren has worked on everything from mobile phones, laptops and... Read More →

Wednesday July 26, 2017 10:30 - 10:55 PDT
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169